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(54) Apparatus, method and computer program product for controlling access to a target device 
across a bus 



(57) A method, apparatus, and computer program 
product for controlling access to a target device utilizes 
an initiator identifier to either permit or deny access to a 
selected portion of the target device (102). To that end, 
a message having the initiator identifier is directed from 
the initiator device (100) to the target device (102) to 
request access to the selected portion of the target 
device. Upon receipt by the target device, it is deter- 



mined if the initiator identifier is in a permitted set of 
identifiers associated with the selected portion of the 
target device. If the initiator identifier is in the permitted 
set, then access to the portion (1 08) of the target device 
is permitted and the initiator can access the target in 
accordance with conventionally known processes. 



r 




CM 
CO 



o. 

UJ 



Printed by Xerox (UK) Business Services 
2.16.7/3LG 



1 



EP0932096A2 



2 



Description 

FIELD OF THE INVENTION 

[0001] The invention generally relates to computer 
networks and, more particutarty, the invention relates to 
controlling communication between network devices 
connected to a bus system. 

BACKGROUND OF THE INVENTION 

[0002] Network devices may be connected with con- 
ventional interconnection subsystems such as, for 
example, a small computer system interface parallel 
interconnect bus ("SCSI bus"), a SCSI Fibre Channel 
bus, or an Ethernet based local area network. Devices 
utilizing a SCSI bus. for example, are configured to com- 
ply with the SCSI protocol {e.g., SCSI-1, SCSI-2, or 
SCSI -3, among others), the specification of which is dis- 
cussed in "Information Technology - SCSI-3 Architec- 
ture Model" X3T 10 994D Revision 18, from the 
American National Standards Institute f ANSI", located 
at 11 West 42nd Street New York. New \brk) and in 
"SCSI-3 Architecture Model (SAM)" X3.270:1996. also 
available from ANSI. Both such publications are incor- 
porated herein, in their entirety, by reference. 
[0003] Initiator devices {i.e., devices connected to a 
bus requesting access to other devices connected to 
the bus, commonly referred to as "initiators^ on a SCSI 
bus may access other devices {i.e., devices connected 
to the bus and being accessed by initiators, commonly 
referred to as "targets") on the bus in accordance with 
the SCSI protocol. The SCSI protocol specifies that an 
initiator requesting access to a target must transmit an 
access message to the target specifying an initiator 
identifier identifying the initiator, a target identifier iden- 
tifying the target and a logical unit number f LUN") 
identifying the portion of the target device to be 
accessed ("logical unit"). The initiator identifier and the 
target identifier typically identify the physical location 
{i.e., physical address) of the initiator/target on the bus 
(e.g., the identification number of the port on the SCSI 
bus). 

[0004] As is known by those skilled in the art different 
bus protocols set different Omits on the maximum 
number of logical units within a single target that may be 
accessed by an initiator. For example, a maximum of 
eight logical units in a single target may be accessed by 
an initiator connected to a bus system that is utilizing 
the SCSI-1 and SCSI-2 protocols. Accordingly, the initi- 
ator on such bus system may access no more than eight 
logical units per target Other logical units in the target 
thus undesirably are not visible to the initiator. In a sim- 
ilar manner, a maximum of 2 64 logical units are visfcle 
to an initiator when using the SCSI Fixe Channel proto- 
col on conventional systems. 
[0005] One system implementation utilizing a SCSI 
bus. for example, may include a target controller operat- 



ing a central disk array that is used to store information 
for several host computer systems. Accordingly, in a 
disk array having hundreds of disks that each operate 
as separate logical units, bus systems using the SCSI-1 
5 or SCSI-2 bus protocol grossly underutiGze the disk 
array because only eight of the disks in the array may be 
accessed. 

[0006] There also are privacy problems with conven- 
tional targets such as, for example, a disk array. Specrf- 

w icalfy, the LUN in an access message may specify one 
or more disks in the disk array to store information from 
an initiator host computer system. In many such prior 
art bus systems, however, depending upon the bus pro- 
tocol, the entire disk array is accessible (via the target 

15 controller) by all of the host computers connected to the 
bus, thereby limiting the privacy of the files stored in the 
disk array. 

[0007] The art has responded to this privacy problem 
by partitioning disk arrays, for example, into a plurality of 

20 partitions, assigning a different array port {i.e., bus con- 
nection points) and target controller to each partition, 
and connecting an independent bus to each array port. 
Accordingly, a partition is accessible by those initiators 
only that are on the bus that is connected to the associ- 

25 ated array port This solution therefore requires that the 
disk array have the same number of ports as array par- 
titions, as well as an equal number of busses. This 
requirement necessarily increases the ultimate cost of 
manufacturing and utilizing such network system. 

30 

SUMMARY OF THE INVENTION 

[0008] In accordance with one aspect of the invention, 
a method, apparatus, and computer program product 

35 for controlling access to a target device utilizes an initia- 
tor bus identifier to either permit or deny access to a 
selected portion of the target device. To that end, a mes- 
sage having (among other data) an initiator identifier 
identifying the initiator is directed from the initiator 

40 device to the target device to request access to the 
selected portion of the target device. Upon receipt by 
the target device, it is determined if the initiator identifier 
is in a permitted set of initiator identifiers associated 
with the selected portion of the target device. If the initi- 

45 ator identifier is in the permitted set, then access to the 
portion of the target device is permitted and the initiator 
can access the target portion in accordance with con- 
ventionally known processes. 
[0009] If the initiator bus identifier is not in the permit- 

so ted set, then access to the selected portion of the target 
device is denied. If denied, then a denial message may 
be transmitted to the initiator device having notification 
data that the initiator identifier is not in the permitted set. 
[001 0] In accordance with another aspect of the inven- 

55 tion, a target controller intercepts the message and 
transmits the message to the target device if the initiator 
identifier is in the permitted set of initiator identifiers. 
Although the permitted set of initiator identifiers may 
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have as few as zero identifiers, some embodiments may 
include up to the total number of devices coupled to the 
bus. 

[0011] In accordance with other aspects of the inven- 
tion, the bus is a SCSI bus and the message includes a s 
logical unit number associated with the selected portion 
of the target device. Moreover, the message may iden- 
tify the bus and a target identifier identifying the target 
The target device may be a disk array and the initiator 
device may be a computer system. w 
[0012] In accordance with still another aspect of the 
invention, a probe message is transmitted to the target 
device, where the probe message includes the initiator 
identifier. After the initiator identifier is determined, from 
the probe message, at least zero portions of the target is 
device that are accessible to the initiator device are 
identified. A reply message then is produced and trans- 
mitted to the initiator device, where the reply message 
includes data identifying the at least zero portions of the 
target device that are accessible to the initiator device. 20 
In response to receipt of the reply message, the initiator 
device may produce an access message (having data 
identifying one or more of the at least zero portions of 
the target device that are accessble to the initiator 
device) requesting access to the target device. The 2$ 
access message may be transmitted to the target 
device, thereby causing the target device to permit 
access by the initiator device to the at least one or more 
of the at least zero portions of the target device. 
[0013] In accordance with yet another aspect of the 30 
invention, the target device may be accessible by either 
one of a first initiator having a first configuration and a 
first initiator identifier, and a second initiator having a 
second configuration and a second initiator identifier. In 
preferred embodiments, a first driver is provided for as 
interpreting the first configuration and facilitating access 
by the first initiator, and a second driver is provided for 
interpreting the second configuration and facilitating 
access by the second initiator. Access is permitted, via 
one of the two drivers, in response to receipt of an 40 
access message having one of the first initiator and sec- 
ond initiator identifier. Specifically, if the access mes- 
sage has the first initiator identifier, then the message is 
directed to the first driver for processing, thus facilitating 
access by the first initiator. In a similar manner, if the 45 
access message has the second initiator identifier, then 
the message is directed to the second driver for 
processing, thus facilitating access by the first identifier. 

BRIEF DESCRIPTION OF THE DRAWINGS so 

[0014] The foregoing and other objects and advan- 
tages of the invention will be appreciated more fully 
from the following further description thereof with refer- 
ence to the accompanying drawings wherein: ss 

Figure 1 schematically shows a preferred network 
system that may be utilized to implement a pre- 



ferred embodiment of the invention. 
Figure 2 is a flow chart showing the steps of a pre- 
ferred embodiment of the invention for controlling 
access to target devices. 

Figure 3 schematically shows an alternative net- 
work system that may be utilized to implement a 
preferred embodiment of the inverrtioa 
Figure 4 shows another alternative network system 
that may be utilized to implement a preferred 
embodiment of the invention. 
Figure 5 shows a preferred process for accessing a 
target via a target controller that is compatible with 
initiators having different configurations. 

DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS 

[0015] Figure 1 schematically shows a preferred net- 
work system that may be utilized to implement a pre- 
ferred embodiment of the invention. The system 
includes a plurality of network devices, identified as ini- 
tiators 100 and targets 102, that are interconnected by 
a network bus 104. In preferred embodiments, the bus 
104 is a small computer system interface bus ("SCSI 
bus"), and the network devices are preconfigLred in 
accordance with the SCSI specification. The initiators 
100 request access to the target 102 by directing 
access messages to the target 102 via the bus 104. 
Access messages include, among other things, an initi- 
ator identifier identifying the initiator, a target identifier 
identifying the target, and the portion of the target 
device 102 to be accessed (logical unit 108", referred 
to in the figures as "LIT). The logical unit 108 is identi- 
fied in the access message by a logical unit number 
f LUN"). It should be noted that although only one target 
102 is shown in the figures, any number of targets 102 
may be utilized, including the initiators 100 which also 
can act as targets 102 to other initiators 100 and the tar- 
get 102. It also should be noted that two devices consid- 
ered to be "connected" are not necessarily directly 
connected and thus, may have additional circuit ele- 
ments or devices between the two devices. 
[0016] The target 102 preferably includes a target con- 
troller 106 for receiving and processing initiator mes- 
sages, and a plurality of logical units 108 that are 
utilized and accessible by selected initiators 100. For 
example, the target 102 may be a redundant array of 
independent disks f RAID"), commonly known as a disk 
array. In such case, the logical units 108 may be groips 
of disks in the disk array. The groups may range in size 
from zero disks (i.e., a null set) to all of the disks in the 
disk array. As shown in greater detail in figure 2, the tar- 
get controller 106 processes the initiator messages and 
permits access to selected logical units 1 08 in the target 
102. In preferred embodiments, the target controller 106 
is implemented as firmware within the target 102. 
[0017] In accordance with preferred embedments of 
the invention, an initiator 100 may access only selected 
logical units 108 within the target 102. Depending ipon 
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the bus protocol used, those selected units may be 
groups of logical units 108 ranging in size from zero log- 
ical units 108 to every logical unit 108 in the target 102. 
In preferred embodiments, certain logical units 108 are 
accessHe by one initiator 100 only, and certain other s 
logical units 108 are accessible by multiple initiators 100 
("shared logical units"). 

[0018] Figure 2 is a flow chart showing a preferred 
method for controlling access to the logical units 108 
within the target 102. In addition to depending upon the 
target identifier, access to the logical units 108 is 
dependent upon the initiator identifier. To that end, the 
process starts at step 200 in which the initiator 100 
probes the bus 1 04 with a probe message to determine 
the target identifier and the logical units 108 associated 
with the target 102. As shown below, only certain logical 
units 108 within the target 102 are associated with the 
initiator 1 00. Upon receipt of the probe message, which 
includes the initiator identifier {e.g., the physical location 
of the initiator 100 on the bus 104), the target controller 
106 determines which logical units 108 on the target 
102, if any, are accessible by the specific initiator 100 
making the request (step 202). This determination may 
be performed by accessing a data structure {e.g., a 
"look-up table") that specifies a permitted set of logical 
units 108 that are accessible by the specific initiator 
100. For example, the initiator 100 may have access to 
a permitted set of logical units 108 having logical unit 
numbers four and six only. The look-up table thus also 
includes a set of initiator identifiers associated with each 
logical unit. Only those initiator identifiers in each set 
therefore may access their associated target logical 
unit. It should be rioted that use of a look-up table is dis- 
cussed for exemplary purposes and is not intended to 
limit the scope of the invention. Any conventional mech- 
anism for determining the permitted set of logical units 
108 therefore may be utilized. 
[001 9] The look-up data structure may be pre-conf ig- 
ured by a system operator who assigns selected logical 
units 108 in the target 102 to each of the initiators 100. 
This preconf iguration preferably is performed when the 
target controller 106 is installed. When necessary, how- 
ever, the look-up data structure may be reconfigured at 
any subsequent time, such as when new initiators 100 
are added to the system, or when the logical units 108 
must be reassigned to other initiators 100. In preferred 
embodiments, the target controller 106 has an associ- 
ated graphical user interface that enables the system 
operator to easily configure or reconfigure the logical 
unit allocation within the system. 
[0020] The process then continues to step 204 in 
which a reply message having the set of logical unit 
numbers that are accessible on the target 1 02 by the ini- 
tiator 100 is transmitted to the initiator 100 via the bus 
104. In so doing, the target 102 appears (to the initiator 
1 00) to have only the set of logical units 1 08 in the reply 
message. Any other actual logical units 108 on the tar- 
get 102 thus appear to be invisible to the initiator 100. 



This creates a 'Virtual" target for the initiator 100, where 
such virtual target has only those logical units specified 
in the reply message. When used with a SCSI bus, the 
logical unit numbers must be renumbered to include 
logical unit number zero. Accordingly, if the initiator 100 
has access to logical unit numbers four and six, then the 
target controller 106 may renumber those logical unit 
numbers as zero and one, respectively, and store the 
corresponding actual logical unit numbers in local target 
memory for a subsequent mapping (discussed below 
with regard to step 208). 

[0021] The process then continues to step 206 in 
which the reply message is received by the initiator 100. 
and an access message requesting access to the logi- 
cal units 108 specified in the reply message is transmit- 
ted to the target 102. As noted above, the access 
message includes, among other things, the initiator 
identifier, the target identifier, and the logical unit num- 
bers of the logical units 108 to which accessed is 
requested. In the above example, the access message 
may include logical unit numbers zero and one. 
[0022] The target controller 106 then receives the 
access message and maps the logical unit numbers in 
the access message to the actual (physical) logical unit 
numbers of the target 102 (step 208). This mapping is 
performed based upon the initiator identifier. Continuing 
with the above example, the local target memory is 
accessed and the logical unit numbers in the access 
message (zero and one) are mapped to the actual logi- 
cal unit numbers (four and six) in the target - device 1 02. 
[0023] Once the actual logical unit numbers are deter- 
mined, then the process continues to step 210 in which 
access is permitted to the respective logical units 108 
{e.g., actual target logical unit numbers four and six). 
The initiators 100 then access the logical units 108 in a 
conventional manner according to the SCSI protocol. 
[0024] Figure 3 schematically shows an alternative 
network system that may be utilized to implement a pre- 
ferred embodiment of the invention. Unlike the configu- 
ration shown in figure 1, this configuration includes a 
target controller 106 that is in a chassis that is separate 
from that of the target 102. The target controller 106 is 
electrically connected between the bus 104 and the tar- 
get 102 to transmit and receive messages to and from 
the target 102. Although separate from the target 102, 
the target controller 106 functions substantially identi- 
cally to that in the embodiment shown in figure 1. 
[0025] Figure 4 shows another alternative network 
system that may be utilized to implement a preferred 
embodiment of the invention. More particularly, the tar- 
get 102 is coupled to and accessfole by two independ- 
ent busses 104A and 104B that each have a set of 
initiators 100. The target controller 106 in this embodi- 
ment also functions substantially identically to that in the 
other embocfi merits in receiving access messages and 
determining if an initiator identifier is within the permit- 
ted set. For example, in addition to utilizing the initiator 
identifier, the target identifier, and the logical unit 
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number (in a SCSI bus system), the controller 106 also 
utilizes a bus identifier to determine which initiator 100 
on which bus is requesting access. Conflicts between 
two initiators attempting to simultaneously access a sin- 
gle logical unit 1 08 are resolved in accordance with the s 
bus protocol specification. In other embodiments, more 
than two busses may be coupled to the target 102. 
[0026] Although embodiments of the invention have 
been described in terms of the SCSI specification, it 
should be noted that other communication protocols 
may be utilized to implement the invention. For example, 
conventionally known peripheral connect interface 
("PCI") and Fixe Channel protocols may be utilized. 
[0027] Some embodiments of the invention do not 
probe the SCSI bus 104 (step 200 of figure 2) to deter- 
mine the target identifier and the logical units 108 asso- 
ciated with the target 102. In such cases, the access 
message may include the actual logical unit numbers of 
the target 102 to which access is requested. The target 
controller 106 responsively accesses the look-up data 
structure to determine if the logical units 1 08 designated 
in the access message are in a permitted set of logical 
units 108 available to the initiator 100. Access then is 
permitted to the logical units 108, specified in the 
access message, that are in the permitted set. Access 
is denied, however, to those logical units 108 specified 
in the access message that are not in the permitted set 
When access is denied, the target controller 106 may 
transmit a denial message to the initiator 1 00 indicating 
either that access to certain requested logical units 108 
is denied, or that the requested logical units do not exist 
Accordingly, in a similar manner to the process shown in 
figure 2, the initiator identifier is utilized to determine 
whether access to a logical unit 108 is permitted. 
[0028] It is known in the art that a single target may be 
configured to respond to two or more target identifiers 
when used with conventional SCSI controller chips 
(eg., a model number NCR534825 SYMBIOS™ chip 
available from Symbtos Logic Incorporated of Fort Col- 
lins, Colorado). For example, a single target device on a 
SCSI bus may be identified by first and second target 
identifiers and thus, appear to be two separate target 
devices. Accorcfingly, when used with preferred embod- 
iments of the invention, the initiator identifier may be uti- 
lized in conjunction with the first target identifier to 
access a first set of logical units, and then used in con- 
junction with the second target identifier to access a 
second set of logical units. 

[0029] Unlike prior art systems, initiators 1 00 having 
different protocol requirements (e.g., vendor unique 
behavioral variants) may be utilized with preferred 
embodiments of the bus system. To that end, each 
group of logical units 108 that may be accessed by each 
initiator 100 is viewed by the system as an independent 
virtual target 102. The target controller 106 thus prefer- 
ably is precorrfigured to include separate driver pro- 
grams 110 that each are specific to the configuration of 
each initiator 100. As shown below in figure 5 (dis- 



cussed below), selection of the appropriate driver pro- 
gram 1 10 for an initiator 100 is based upon the initiator 
identifier. 

[0030] Accordingly, a single logical unit 108 included 
in two or more virtual targets 102 may be accessed in 
conformance with the configuration of the specific initia- 
tor 100 requiring access. For example, if a first initiator 
100 having a first configuration and a second initiator 
100 having a second (different) configuration each 
share a single logical unit 108, then the logical unit 108 
responds according to the first configuration when the 
first initiator 100 is accessing it and similarly responds 
according to the second configuration when the second 
initiator 100 is accessing it 

[0031 ] Figure 5 shews a preferred process for access- 
ing a virtual target via a target controller 1 06 that is com- 
patfcle with initiators 100 having different protocol 
requirements (configurations). The process begins at 
step 500 in which a message is received by the target 
controller 106 requesting access by a requesting initia- 
tor 100. At step 502, the target controller 106 extracts 
the initiator identifier from the message and determines 
which driver 110 corresponds to such initiator identifier. 
Such correspondence may be determined by accessing 
a look-up table in the local memory of the target control- 
ler 106. The target controller 106 then utilizes the driver 
1 10 to process the access message (step 504), thus 
facilitating access by the initiator 100 in accordance with 
preferred embodiments of the invention (step 506). 
[0032] In addition to solving privacy problems by 
assigning sets of logical units 108 to selected initiators 
100, preferred embodiments of the invention enable a 
target 102 with many logical units to be more efficiently 
utilized. For example, a target 102 having thirty-two log- 
ical units and located on a narrow SCSI bus system may 
be fully utilized by four initiators 100 that each has eight 
different assigned logical units 108. For example, a first 
initiator 100 may have access logical units 0-7, a sec- 
ond initiator 100 may have access logical units 8-15, a 
third initiator 100 may have access to logical units 16- 
23. and a fourth initiator 100 may have access to logical 
units 24-31. Accordingly, a user may access any of the 
logical units 108 {e.g., disks on a disk array) by select- 
ing the appropriate initiator 100. In some embodiments, 
each of the four initiators 100 may be accessible by one 
computer that coordinates interaction between each of 
the initiators 100. For example, each initiator may be a 
computer card within a computer system. In other 
embodiments, the four initiators 100 may be separate 
computer systems. 

[0033] In an alternative embocfi merit the invention 
may be implemented as a computer program product 
for use with a computer system. Such implementation 
may include a series of computer instructions fixed 
either on a tangible medium, such as a computer read- 
able media (e.g., a diskette, CD-ROM, ROM, or fixed 
disk), or transmittable to a computer system via a 
modem or other interface device, such as a Communica- 
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tions adapter connected to a network over a medium. 
The medium may be either a tangtole medium (e.g., 
optical or analog communications lines) or a medium 
implemented with wireless techniques (e.g.. microwave, 
infrared or other transmission techniques). The series of 5 
computer instructions embodies all or part of the func- 
tionality previously described herein with respect to the 
system. Those skilled in the art should appreciate that 
such computer instructions can be written in a number 
of programming languages for use with many computer w 
architectures or operating systems. Furthermore, such 
instructions may be stored in any memory device, such 
as semiconductor, magnetic optical or other memory 
devices, and may be transmitted using any communica- 
tions technology, such as optical, infrared, microwave, 15 
or other transmission technologies. It is expected that 
such a computer program product may be distributed as 
a removable media with accompanying printed or elec- 
tronic documentation {e.g., shrink wrapped software), 
preloaded with a computer system (e.g., on system 20 
ROM or fixed disk), or cfistributed from a server or elec- 
tronic bulletin board over the network (e.g. 9 the Internet 
or World Wide Web). 

[0034] Although various exemplary embodiments of 
the invention have been disclosed, it should be appar- 25 
ent to those skilled in the art that various changes and 
modifications can be made which will achieve some of 
the advantages of the invention without departing from 
the true scope of the invention. These and other obvious 
modifications are intended to be covered by the 30 
appended claims. 

Claims 

1. A method of controlling access by an initiator device 35 
to a target device on a bus, the initiator device being 
identified by an initiator identifier, the initiator device 
producing a message that is transmitted to the tar- 
get device, the message including the initiator iden- 
tifier, the method comprising the steps of : 40 

A. determining, in response to receipt of the 
message, if the initiator identifier is in a permit- 
ted set of identifiers associated with a selected 
portion of the target device; and 45 

B. denying access by the initiator device to the 
selected portion of the target device if it is 
determined that the initiator identifier is not in 
the permitted set of identifiers. 

50 

2. The method as defined by claim 1 wherein the mes- 
sage identifies the selected portion. 

3. The method as defined by claim 1 further including 
the step of: ss 

C. permitting access by the initiator device to 
the selected portion of the target device if it is 



determined that the initiator identifier is in the 
permitted set of identifiers. 

4. The method as defined by claim 1 wherein step A 
comprises the steps of: 

A1 . identifying which portions of the target are 
accessible by the initiator device; and 
A2. determining if the selected portion of the 
target is identified in step A1. 

5. The method as defined by claim 1 wherein the bus 
is a SCSI bus and the message includes a logical 
unit number associated with the selected portion of 
the target device. 

6. The method as defined by claim 1 wherein the initi- 
ator identifier specifies the physical address of the 
initiator on the bus. 

7. The method as defined by claim 1 wherein the tar- 
get includes a target identifier identifying the target, 
the initiator being connected to the bus, the step of 
determining including the steps of: 

A3, determining the identity of the bus; and 
A4. determining the target identifier. 

8. The method as defined by claim 1 wherein the per- 
mitted set of identifiers has no more than one iden- 
tifier. 

9. The method as defined by claim 1 wherein the tar- 
get device is a disk array. 

1 0. The method as defined by claim 1 wherein the mes- 
sage is received by a target controller, and further 
wherein the target controller permits access by the 
initiator if the initiator identifier is in the permitted 
set of identifiers. 

11. The method as defined by claim 1 wherein the tar- 
get device receives the message and performs step 
A. 

12. The method as defined by claim 1 wherein the per- 
mitted set of identifiers includes a logical unit 
number zero. 

13. An apparatus for controlling access by an initiator 
device to a target device on a bus, the initiator 
device being identified by an initiator identifier, the 
initiator device producing a message that is trans- 
mitted to the target device, the message including 
the initiator identifier, the apparatus comprising: 

means for determining, in response to receipt 
of the message, if the initiator identifier is in a 
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permitted set of identifiers associated with a 
selected portion of the target device; and 
means for denying access by the initiator 
device to the selected portion of the target 
device if it is determined that the initiator identi- s 
tier is not in the permitted set of identifiers. 



14. The apparatus as defined by claim 13 wherein the 
message identifies the selected portion. 

15. The apparatus as defined by claim 13 further 
including: 



means for permitting access by the initiator 
device to the selected portion of the target is 
device if it is determined that the initiator identi- 
fier is in the permitted set of identifiers. 



16. The apparatus as defined by claim 13 wherein the 
determining means comprises: 



20 



means for identifying which portions of the tar- 
get are accessible by the initiator device; and 
means for determining if the selected portion of 
the target is identified by the identifying means. 2s 

17. The apparatus as defined by claim 13 wherein the 
bus is a SCSI bus and the message includes a log- 
ical unit number associated with the selected por- 
tion of the target device. 30 

18. The apparatus as defined by claim 13 wherein the 
target device is a disk array. 

19. The apparatus as defined by claim 13 wherein the 35 
target includes a target identifier identifying the tar- 
get the initiator being connected to the bus, the 
means for determining including: 

means for determining the identity of the bus; 40 
and 

means for determining the target identifier. 

20. The apparatus as defined by claim 13 wherein the 
permitted set of identifiers has no more than one 45 
identifier. 

21. The apparatus as defined by claim 13 wherein the 
initiator identifier specifies the physical location of 
the initiator on the bus. so 

22. The apparatus as defined by claim 13 wherein the 
message is received by a target controller, and fur- 
ther wherein the target controller permits access by 
the initiator if the initiator identifier is in the permit- ss 
ted set of identifiers. 

23. The apparatus as defined by claim 13 wherein the 



target device includes means for receiving the mes- 
sage and the determining means. 

24. The apparatus as defined by claim 13 wherein the 
initiator has a specified configuration, the apparatus 
further including: 



a driver having the specified configuration for 
processing messages received by the initiator; 
w and 

means for associating the initiator identifier 
with the driver. 



25. A computer program product for use on a computer 
system for controlling access by an initiator device 
to a target device on a bus, the initiator device being 
identified by an initiator identifier, the initiator device 
producing a message that is transmitted to the tar- 
get device, the message including the initiator iden- 
tifier, the computer program product comprising a 
computer usable medium having computer reada- 
ble program code thereon, the computer readable 
program code including: 

program code for determining, in response to 
receipt of the message, if the initiator identifier 
is in a permitted set of identifiers associated 
with a selected portion of the target device; and 
program code for permitting access by the initi- 
ator device to the selected portion of the target 
device if it is determined that the initiator identi- 
fier is in the permitted set of identifiers. 

26. A method of controlling access to a target device by 
an initiator device, the target device and initiator 
device each connected to a bus, the initiator device 
being identified by an initiator identifier, the initiator 
device producing a probe message that is transmit- 
ted to the target device, the probe message includ- 
ing the initiator identifier, the method comprising the 
steps of: 

A. determining the initiator identifier from the 
probe message; 

B. identifying, based upon the initiator identifier, 
at least zero portions of the target device that 
are accessible to the initiator device; and 

C. producing a reply message that is transmit- 
ted to the initiator device, the reply message 
identifying the at least zero portions of the tar- 
get device that are accessible to the initiator 
device. 

27. The method as defined by claim 26 whereby in 
response to receipt of the reply message by the ini- 
tiator device, the initiator device produces an 
access message, the method further comprising 
the step of: 
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D. permitting access, by the initiator device, to 
the at least zero portions of the target device in 
response to receipt off the access message, the 
access message identifying the at least zero 
portions of the target device. 5 

28. The method as defined by claim 27 wherein the bus 
operates in accord with a specified bus protocol, 
step B comprising the step of: 

10 

B1. mapping the initiator identifier to the at 
least zero portions of the target device; and 
B2. identifying the at least zero portions in 
accord with the bus protocol. 

15 

29. The method as defined by claim 35 wherein step B 
comprises the step of: 

B1. locating an access set having data identify- 
ing any portion of the target to which the initia- 20 
tor may access. 

30. An apparatus for controlling access to a target 
device by an initiator device, the target device and 
initiator device each connected to a bus, the initiator 2s 
device being identified by an initiator identifier, the 
initiator device producing a probe message that is 
transmitted to the target device, the probe message 
including the initiator identifier, the apparatus com- 
prising: 30 

means for determining the initiator identifier 
from the probe message; 
means for identifying, based upon the initiator 
identifier, at least zero portions of the target 35 
device that are accessible to the initiator 
device; and 

means for producing a reply message that is 
transmitted to the initiator device, the reply 
message identifying the at least zero portions 40 
of the target device that are accessible to the 
initiator device. 

31 . The apparatus as def ined by claim 30 wherein the 
bus operates in accord with a specified bus proto- 45 
col, the means for identifying including: 

means for mapping the initiator identifier to the 
at least zero portions of the target device; and 
means for identifying the at least zero portions so 
in accord with the bus protocol. 

32. The apparatus as defined by claim 30 whereby in 
response to receipt of the reply message by the ini- 
tiator device, the initiator device produces an ss 
access message, the apparatus further comprising: 

means for permitting access, by the initiator 



device, to the at least zero portions of the target 
device in response to receipt of the access 
message, the access message identifying the 
at least zero portions of the target device. 

33. The apparatus as defined by claim 30 wherein the 
identifying means comprises: 

means for locating an access set having data 
identifying any portion of the target to which the 
initiator may access. 

34. A computer program product for use on a computer 
system for controlling access to a target device by 
an initiator device, the target device and initiator 
device each connected to a bus, the initiator device 
being identified by an initiator identifier, the initiator 
device producing a probe message that is transmit- 
ted to the target device, the probe message includ- 
ing the initiator identifier, the computer program 
product comprising a computer usable medium 
having computer readable program code thereon, 
the computer readable propam code including: 

program code for determining the initiator iden- 
tifier from the probe message; 
program code for identifying, based upon the 
initiator identifier, at least zero portions of the 
target device that are accessHe to the initiator 
device; and 

program code for producing a reply message 
that is transmitted to the initiator device, the 
reply message identifying the at least zero por- 
tions of the target device that are accessible to 
the initiator device 

35. A target device for access by an initiator, the initia- 
tors being identified by an initiator identifier, the tar- 
get device comprising: 

a plurality of logical units; 

means for ascertaining the initiator identifier; 

and 

a target controller including means for permit- 
ting access by the initiator to a permitted set of 
the plurality of logical units target, the permitted 
set being less than all of the logical units in the 
target 

the target controller further including a memory 
for storing mapping data for mapping the initia- 
tor identifier to those logical units in the permit- 
ted set 

36. The target device as defined by claim 35 wherein 
the plurality of logical units are identified by the tar- 
get by a first set of logical unit identifiers in a first 
format, the target device further including: 
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a receiving port for receiving a request mes- 
sage from initiators, each message including a 
second set of logical unit identifiers for identify- 
ing a set of logical units on the target to which 
access is requested by such initiator; 5 
means for converting the identifiers in the sec- 
ond set of identifiers into the first format 

37. The target device as defined by claim 36 wherein 
the converting means converts at least one of the 10 
logical unit identifiers in the second set of identifiers 
into a logical unit number zero. 

38. The target device as defined by claim 35 wherein 
the ascertaining means includes means for receiv- 75 
ing a message from the initiator. 

39. The target device as defined by claim 35 further 
including means for denying access if the initiator 
identifier is not mapped to the permitted set. 20 

40. A method of controlling access to a target by two 
initiators on a bus, the first initiator having a first 
configuration and first initiator identifier, the second 
initiator having a second configuration and a sec- 25 
ond initiator identifier, the method comprising the 
steps of: 

providing a first driver for interpreting the first 
configuration and facilitating access by the first 30 
initiator; 

providing a second driver for interpreting the 
second configuration and facilitating access by 
the second initiator; 

receiving an access message having one of 35 
the first initiator identifier and the second initia- 
tor identifier; 

if the message has the first initiator identifier, 
directing the message to the first driver; and 
if the message has the second initiator iderrti- 40 
tier, directing the message to the second driver. 

41 . The method as defined by claim 40 further includ- 
ing the step of: 

45 

permitting access by the first initiator to the tar- 
get if the initiator identifier in the message is the 
first initiator identifier. 

42. The method as defined by claim 40 further includ- so 
ing the step of: 

permitting access by the second initiator to the 
target if the initiator identifier in the message is 
the second initiator identifier. ss 

43. An apparatus for controlling access to a target by 
two initiators on a bus, the first initiator having a first 



configuration and first initiator identifier, the second 
initiator having a second configuration and a sec- 
ond initiator identifier, the apparatus comprising: 

a first driver for interpreting the first configura- 
tion and facilitating access by the first initiator; 
a second driver for interpreting the second con- 
figuration and facilitating access by the second 
initiator; 

a receiver for receiving an access message 
having one of the first initiator identifier and the 
second initiator identifier; 
means for directing the access message to the 
first driver if the access message has the first 
initiator identifier; and 

means for directing the access message to the 
second driver if the access message has the 
second initiator identifier. 

44. The apparatus as defined by claim 43 further 
including: 

means for permitting access by the first initiator 
to the target if the initiator identifier in the 
access message is the first initiator identifier. 

45. The apparatus as defined by claim 43 further 
including: 

means for permitting access by the second ini- 
tiator to the target if the initiator identifier in the 
access message is the second initiator identi- 
fier. 

46. A computer program product for use on a computer 
system for controlling access to a target by two ini- 
tiators on a bus, the first initiator having a first con- 
figuration and first initiator identifier, the second 
initiator having a second configuration and a sec- 
ond initiator identifier, the computer program prod- 
uct comprising a computer usable medium having 
computer readable program code thereon, the 
computer readable program code including: 

driver program code for interpreting the first 
configuration and facilitating access by the first 
initiator; 

driver program code for interpreting the second 
configuration and facilitating access by the sec- 
ond initiator; 

program code for receiving an access message 
having one of the first initiator identifier and the 
second initiator identifier; 
program code for directing the message to the 
first driver if the message has the first initiator 
identifier; and 

program code for directing the message to the 
second driver if the message has the second 
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